A tool to detect illegitimate stars from bot accounts on GitHub projects
This PR is the most important yet. It makes Astronomer sign and send its trust reports to Astrolab, a server in charge of collecting Astronomer reports and serving GitHub badges.
github.com/ullaakut/astronomer/pkg/context
github.com/ullaakut/astronomer/pkg/gql
FetchStargazers and FetchContributions public methods
github.com/ullaakut/astronomer/pkg/trust
Compute and Render public methods
github.com/ullaakut/astronomer/pkg/signature
--all to get better trust reports, despite their early users being bot accounts, any scan of a repository with more than 200 users will compare the first 200 users to the rest in a comparative report, and will select the worst trust factors of both reports.
--fast option, replacing it with a --all mode, disabled by default, which does the opposite of what --fast did and scans all of a repo's stargazers
--details option and replace it with a --verbose mode which defaults to false. When set to true, it shows the intermediary trust reports used to build the final trust report
--fast=false. The amount of stars to compute in fast mode can also be changed by using the -s or --stars option

This release introduces a new pre-fetch mechanism which quickly gets all stargazers of the repository, 100 by 100, without their contributions. This step is fast and allows Astronomer to do a few new things:
fetchContributions to navigate through the users
fetchContributions function, and take random ones. (See #10)

Additionally, Astronomer now properly notifies users when their GitHub token is missing. It also updates the documentation to add a gif of Astronomer scanning itself.
It is also the first release with a specific tag on the docker image (v0.3.0) and binary releases in GitHub.
0.1.0 version.
--details flag is enabled
-d, --details which makes Astronomer print more detailed statistics
-c, --cachedir which allows users to specify a custom cache directory in which to store cache data. It defaults to ./data.
go install procedure